* This commit effectively fixes https://www.kb.cert.org/vuls/id/403768 (CVE-2017-13083) as
it is described per its revision 11, which is the latest revision at the time of this commit,
by disabling Windows prompts, enacted during signature validation, that allow the user to
bypass the intended signature verification checks.
* It needs to be pointed out that the vulnerability ("allow(ing) the use of a self-signed
certificate"), which relies on the end-user actively ignoring a Windows prompt that tells
them that the update failed the signature validation whilst also advising against running it,
is being fully addressed, even as the update protocol remains HTTP.
* It also need to be pointed out that the extended delay (48 hours) between the time the
vulnerability was reported and the moment it is fixed in our codebase has to do with
the fact that the reporter chose to deviate from standard security practices by not
disclosing the details of the vulnerability with us, be it publicly or privately,
before creating the cert.org report. The only advance notification we received was a
generic note about the use of HTTP vs HTTPS, which, as have established, is not
immediately relevant to addressing the reported vulnerability.
* Closes#1009
* Note: The other vulnerability scenario described towards the end of #1009, which
doesn't have to do with the "lack of CA checking", will be addressed separately.
* Rufus now checks for processes with handles opened on the drives/volumes before
starting the format operation and asks the user if they want to continue.
* This mimics Windows' behaviour when formatting drives, and actually uses the
same message as the one from shell32.dll.mui.
* Closes#773
* Tooltips can only be manipulated from the same thread as the one that created their parent
* Also increase the SetLGP() timeout as this seems to be problematic
* Closes#764
* When compiled with MinGW, this was always disabled due to forcing XP as
the lowest common denominator and using #ifdefs
* This should also help with OFN_NOCHANGEDIR seemingly being ignored
* Sadly, this change also adds ~20KB to our *compressed* size... :(
* MSG_002 doesn't display in RTL
* Update Policy dialog loses RTL setting after the first paragraph
* Some text displayed in native Windows message boxes is not using RTL
(even as the Message Box itself will display the rest of the UI elements as RTL)
* Detect if the relevant language pack is installed and use MessageBoxEx to
display native message box buttons using the selected language.
* All theses issues are part of #621
* Also remove trailing whitespaces
* Since Microsoft forces our hand, we hack away into our compiled RC
resources and change dialog attributes on the fly so that:
- we can switch between LTR & RTL
- change the font for Windows XP
* Note that the base RC font has been changed to "Segoe UI Symbols"
so that it looks the same in the editor (at least for English) but
can accommodate the length required for "MS Shell Dlg"
* Fix Quick Format option overlapping boot option dropdown
* Fix vertical spacing between "Create bootable disk" and "Create extended label and icon files"
* Fix vertical spacing of progress bar in non advanced mode
* Align and resize Advanced Options button
* Align and resize Select Image button
* Fix vertical centering of Status text
* Add 64x64px icon so that the About dialog looks better at 200% size
* Ensure that focus is set back to a button after some operations
* Remove a confusing forced focus on Start after boot type dropdown selection
* Ensure that the Advanced Options and Select Image buttons have a label that
can be picked up by screen readers such as nvda
* Closes#243
* Closes#499
* Application will start in portable mode if its name contains a 'p'
eg. "rufus_portable.exe" or "prufus.exe"
* Closes#264
* Also fix a couple smaller issues
* Greatly improves the display of non western character sets, such as CJK.
* Note: Since I'm no longer willing to go the extra mile for XP, the way we
handle the non availability of the Segoe font there is by doing the lazy
thing and duplicating all our UI resources, in a similar way as what we do
for RTL, and setting them with the old "MS Shell Dlg".
* Also update some Syslinux V5 refs to Syslinux V6.
* Closes#308
* Fix label control being reduced in size when a translation modifies it
* Minute adjustments to make the application look better on Windows 8
* Closes#356
* Tooltips were not properly displaying
* When displaying human readable size, the order for the size and suffix was wrong
* First character of "0x##" in the BIOS ID would not display as zero on an Arabic machine
* Vista and later use a different system message font than MS Shell Dlg
* For languages such as Chinese, it makes custom notifications look quite
different from system ones, which is not what we want
* Issue reported by Wayne Ying
* Fix missing DOS codepages for Asian languages (reported by Kyle)
* Fix wrong label being reported when an USB HDD is present (reported by NaJiyoun)
* Fix potential issue with error message reporting
* Fix ISO button being truncated on high DPI displays
* Improve French and Korean translations
* Improve launch of updated application
* Fix missing [b]ase for Chinese and French
* Fix infinite loop when [b]ase is not available for default
* Fix resizing of main dialog forces forcing pos to 0,0
* add commandline usage guide
* use -w 150 instead of /W for updated app launch
* fix enabling/disabling of advanced options for UEFI/exFAT
* test for >4GB files for UEFI
* fix warning with freopen
* Add dialog for new release notification
* Do not check for updates during format or ISO ops
* Add RTF support for parser and security improvements
* Also improve init and exit of progress dialog
Pete Batard